CN114244755B - Asset detection method, device, equipment and storage medium - Google Patents
Asset detection method, device, equipment and storage medium Download PDFInfo
- Publication number
- CN114244755B CN114244755B CN202111536391.5A CN202111536391A CN114244755B CN 114244755 B CN114244755 B CN 114244755B CN 202111536391 A CN202111536391 A CN 202111536391A CN 114244755 B CN114244755 B CN 114244755B
- Authority
- CN
- China
- Prior art keywords
- address
- port
- detection
- target
- civil
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 165
- 238000000034 method Methods 0.000 claims abstract description 39
- 230000004083 survival effect Effects 0.000 claims abstract description 27
- 230000007123 defense Effects 0.000 claims abstract description 9
- 238000004590 computer program Methods 0.000 claims description 4
- 239000000523 sample Substances 0.000 description 10
- 238000010586 diagram Methods 0.000 description 6
- 230000009286 beneficial effect Effects 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 239000013307 optical fiber Substances 0.000 description 2
- 230000000644 propagated effect Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 1
- 230000002349 favourable effect Effects 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 238000003672 processing method Methods 0.000 description 1
- 230000008707 rearrangement Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/12—Network monitoring probes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/2517—Translation of Internet protocol [IP] addresses using port numbers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
Abstract
The embodiment of the invention provides an asset detection method, device, equipment and storage medium, wherein the method comprises the following steps: the method comprises the steps that a central node sends a detection task to a detection node, wherein the detection task comprises a target IP address and a port range corresponding to the target IP address; the detection node receives a detection task issued by the central node, and if the target IP address is determined to be a survival IP address based on the detection task, a survival port in the port range is determined; the detection node determines the equipment type corresponding to the survival port and reports the equipment type to the central node; and the central node receives the equipment type, if the equipment type is inquired in a civil equipment library, the target IP address is judged to be the civil IP address, so that the property judgment of the target IP address can be realized, the comprehensive detection information is obtained, the subsequent defense deployment is facilitated, and the safety is ensured.
Description
Technical Field
The embodiment of the invention relates to the technical field of asset detection, in particular to an asset detection method, an asset detection device, an asset detection equipment and a storage medium.
Background
With the continued development of networks and the dramatic increase in network usage demands of users, network sizes are continually expanding and tending to complicate, more and more devices are added to the network space. Through network space asset detection, potential safety risks can be timely found, and illegal vain attack is avoided. In the asset detection, different processing methods can be adopted aiming at different IP address properties of equipment, so that network security is ensured. And thus has important significance for distinguishing the IP address properties of the devices.
In the related technology, in the asset detection process, basic information such as manufacturer, model and the like of the asset can be generally identified only through a protocol, the distinction of the IP address property of the equipment cannot be realized, and the detection information is not comprehensive.
Disclosure of Invention
The embodiment of the invention provides an asset detection method, device, equipment and storage medium, which can realize the property judgment of a target IP address, obtain comprehensive detection information, be favorable for subsequent defense deployment and ensure safety.
In a first aspect, an embodiment of the present invention provides a method for detecting an IP address of a civil internet protocol address, where the method is applied to a central node, and the method includes:
sending a detection task to a detection node, wherein the detection task comprises a target IP address and a port range corresponding to the target IP address;
receiving the equipment type corresponding to the surviving port in the port range sent by the detection node based on the detection task;
and if the equipment type is inquired in the civil equipment library, judging that the target IP address is a civil IP address.
In a second aspect, an embodiment of the present invention further provides an asset detection method, where the method is applied to a detection node, and the method includes:
receiving a detection task issued by a central node, wherein the detection task comprises a target IP address and a port range corresponding to the target IP address;
if the target IP address is judged to be the surviving IP address based on the detection task, the surviving port in the port range is determined;
and determining the equipment type corresponding to the survival port, and reporting the equipment type to the central node, so that if the central node inquires the equipment type in a civil equipment library, judging that the target IP address is a civil IP address.
In a third aspect, an embodiment of the present invention further provides an asset detection method, including:
the method comprises the steps that a central node sends a detection task to a detection node, wherein the detection task comprises a target IP address and a port range corresponding to the target IP address;
the detection node receives a detection task issued by the central node, and if the target IP address is determined to be a survival IP address based on the detection task, a survival port in the port range is determined;
the detection node determines the equipment type corresponding to the survival port and reports the equipment type to the central node;
and the central node receives the equipment type, and if the equipment type is inquired in a civil equipment library, the target IP address is judged to be a civil IP address.
In a fourth aspect, an embodiment of the present invention provides an asset detection device, including:
the sending module is used for sending a detection task to the detection node, wherein the detection task comprises a target IP address and a port range corresponding to the target IP address;
the receiving module is used for receiving the equipment type corresponding to the surviving port in the port range sent by the detection node based on the detection task;
and the judging module is used for judging that the target IP address is a civil IP address if the equipment type is inquired in the civil equipment library.
In a fifth aspect, an embodiment of the present invention provides an electronic device, including:
one or more processors;
storage means for storing one or more programs,
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the methods provided by the embodiments of the present invention.
In a sixth aspect, an embodiment of the present invention provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements a method provided by an embodiment of the present invention.
According to the technical scheme provided by the embodiment of the invention, the central node issues the detection task, if the detection task judges that the target IP address survives, the detection node determines the survived port in the port range corresponding to the target IP address, determines the equipment type corresponding to the survived port, reports the equipment type to the central node, and if the central node inquires the equipment type in civil equipment, judges that the target IP address is the civil IP address, the property judgment of the target IP address can be realized, comprehensive detection information is obtained, subsequent defense deployment is facilitated, and safety is ensured.
Drawings
FIG. 1 is a flow chart of an asset detection method provided by an embodiment of the invention;
FIG. 2 is a flow chart of an asset detection method according to an embodiment of the present invention;
FIG. 3 is a flow chart of an asset detection method according to an embodiment of the present invention;
FIG. 4 is a block diagram of an asset detection device according to an embodiment of the present invention;
FIG. 5 is a block diagram of an asset detection device according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The invention is described in further detail below with reference to the drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting thereof. It should be further noted that, for convenience of description, only some, but not all of the structures related to the present invention are shown in the drawings.
Fig. 1 is a flowchart of an asset detection method provided by an embodiment of the present invention, where the method may be performed by an asset detection device, where the device may be implemented by software and/or hardware, where the device may be configured in a central node, where the central node may be an electronic device such as a server, and where the method may be applied in a scenario of asset detection.
As shown in fig. 1, the technical solution provided by the embodiment of the present invention includes:
s110: and sending a detection task to a detection node, wherein the detection task comprises a target IP address and a port range corresponding to the target IP address.
In one implementation of the embodiment of the present invention, before sending the probe task to the probe node, the method may further include: and configuring a civil equipment library. In particular, a library of consumer devices may be collected and consolidated, including but not limited to home wireless routers, set-top boxes, and terminals.
In the embodiment of the invention, the central node can distribute the detection task for each detection node and send the detection task to the detection node, wherein the detection task comprises a designated target IP address and a port range corresponding to the target IP address, and can also comprise information such as a task name and the like. The target IP address is an IP address to be detected, each IP address corresponds to a plurality of ports, and the ports form a port range.
S120: and receiving the equipment type corresponding to the surviving port in the port range sent by the detection node based on the detection task.
In the embodiment of the invention, the detection node receives the detection task, determines whether the target IP address is the surviving IP address according to the detection task, and determines the surviving port in the port range if the target IP address is judged to be the surviving IP address. The method for the probe node to judge that the target IP address is the surviving IP address may be: judging whether a surviving port exists in a port range corresponding to the target IP address, if so, judging that the target IP address is the surviving IP address, and if not, judging that the target IP address is not the surviving IP address. If the target IP address is judged to be the surviving IP address, the surviving port in the port range corresponding to the target IP address is determined, and the equipment type corresponding to the surviving port is determined.
In the embodiment of the invention, one device may correspond to one IP address, one IP address corresponds to a port range, that is, one device may correspond to one port range, that is, one device may correspond to a plurality of ports, and a surviving port may exist in the plurality of ports, so that the surviving port may correspond to a device type. Optionally, the method for judging that the surviving port exists in the port range may be: the detection node judges whether connection can be established with the ports in the port range, if so, the port which can be established with the detection node is a surviving port, and if not, the port which can not be established with the detection node is not a surviving port. Optionally, the method for determining the device type corresponding to the surviving port may be: the probe node sends a probe data packet to the surviving port, the surviving port sends a feedback data packet to the probe node, and the corresponding equipment type is determined based on the data in the feedback data packet. The data in the feedback data packet may include information of a device type, so that the device type corresponding to the surviving port may be determined based on the feedback data packet. The device types may include, among others, civilian device types, non-civilian device types, and the like.
S130: and if the equipment type is inquired in the civil equipment library, judging that the target IP address is a civil IP address.
In the embodiment of the invention, the central node can compare the equipment type in the civil equipment library with the equipment type corresponding to the surviving port (the surviving port in the port range corresponding to the target IP address), and if the equipment type corresponding to the surviving port is queried in the civil equipment library, the target IP address is the civil IP address. The civil IP address may refer to a user of the IP address not belonging to a company or enterprise, but a general resident or individual user.
In an implementation manner of the embodiment of the present invention, optionally, the method provided by the embodiment of the present invention may further include: if the equipment type is not queried in the civil equipment library, judging that the target IP address is not the civil IP address, and determining a corresponding defense strategy for the target IP address. If the target IP address is not a civil IP address, the user of the target IP address may be a company or a unit, and if the user is attacked, a larger loss may occur, so that a defending policy corresponding to the target IP address needs to be formulated, or an attack policy may also be determined, so that the target IP address may be protected, and the loss caused by the attack on the target IP address is avoided.
According to the technical scheme provided by the embodiment of the invention, the central node sends the detection task, so that the detection node determines the survival port in the port range corresponding to the target IP address through the detection task if judging that the target IP address survives, determines the equipment type corresponding to the survival port, receives the equipment type reported by the detection node, and judges that the target IP address is the civil IP address if the equipment type is inquired in the civil equipment, thereby realizing the property judgment of the target IP address, obtaining comprehensive detection information, being beneficial to subsequent defense deployment and ensuring safety.
Fig. 2 is a flowchart of an asset detection method provided by an embodiment of the present invention, where the method may be performed by an asset detection device, where the device may be implemented by software and/or hardware, where the device may be configured in a detection node, where the detection node may be an electronic device such as a computer, and where the method may be applied in a scenario of asset detection.
As shown in fig. 2, the technical solution provided by the embodiment of the present invention includes:
s210: and receiving a detection task issued by the central node, wherein the detection task comprises a target IP address and a port range corresponding to the target IP address.
In the embodiment of the invention, the central node can distribute the detection task for each detection node, send the detection task to the detection node, and the detection node receives the detection task. The detection task comprises a designated target IP address and a port range corresponding to the target IP address. The target IP address is an IP address to be detected, each IP address corresponds to a plurality of ports, and the ports form a port range.
S220: and if the target IP address is judged to be the surviving IP address based on the detection task, determining the surviving port in the port range.
In the embodiment of the invention, the detection node determines whether the target IP address is a surviving IP address according to the detection task, and if so, determines that the target IP address is a surviving IP address, then determines a surviving port in the port range.
In one implementation of the embodiment of the present invention, optionally, determining a surviving port in the port range includes: judging whether to establish connection with the port in the port range; if yes, determining the port for establishing connection as a surviving port. The detection node judges whether connection can be established with the port in the port range, if so, the port which can be established with the detection node is a surviving port, and if not, the port which can be established with the detection node is not the surviving port.
S230: and determining the equipment type corresponding to the survival port, and reporting the equipment type to the central node, so that if the central node inquires the equipment type in a civil equipment library, judging that the target IP address is a civil IP address.
In one implementation manner of the embodiment of the present invention, optionally, the determining the device type corresponding to the surviving port includes: transmitting a detection data packet to the survival port, so that the survival port transmits a feedback data packet based on the detection data packet; and determining the equipment type corresponding to the surviving port based on the feedback data packet sent by the surviving port. The data in the feedback data packet may include information of a device type, so that the device type corresponding to the surviving port may be determined based on the feedback data packet. The device types may include, among others, civilian device types, non-civilian device types, and the like.
In the embodiment of the invention, the detecting node can report the equipment type corresponding to the surviving port to the central node, the central node can compare the equipment type in the civil equipment library with the equipment type corresponding to the surviving port (the surviving port in the port range corresponding to the target IP address), and if the equipment type corresponding to the surviving port is inquired in the civil equipment library, the target IP address is the civil IP address.
According to the technical scheme provided by the embodiment of the invention, through receiving the detection task issued by the central node, if the detection task passes through the detection node and judges that the target IP address survives, the survived port in the port range corresponding to the target IP address is determined, the equipment type corresponding to the survived port is determined, and the equipment type is reported to the central node, so that if the central node inquires the equipment type in civil equipment, the target IP address is judged to be the civil IP address, the property judgment of the target IP address can be realized, the comprehensive detection information is obtained, the subsequent defense deployment is facilitated, and the safety is ensured.
Fig. 3 is a flowchart of an asset detection method provided by an embodiment of the present invention, where in this embodiment, the method may be performed by a central node and a detection node, and as shown in fig. 3, a technical solution provided by an embodiment of the present invention includes:
s310: the central node sends a detection task to the detection node, wherein the detection task comprises a target IP address and a port range corresponding to the target IP address.
S320: and the detection node receives a detection task issued by the central node, and if the target IP address is determined to be a survival IP address based on the detection task, the survival port in the port range is determined.
S330: and the detection node determines the equipment type corresponding to the survival port and reports the equipment type to the central node.
S340: and the central node receives the equipment type, and if the equipment type is inquired in a civil equipment library, the target IP address is judged to be a civil IP address.
Optionally, the method may further include: if the equipment type is not queried in the civil equipment library, the central node judges that the target IP address is not the civil IP address, and determines a corresponding defense strategy for the target IP address.
Optionally, the method may further include: the central node configures a civil equipment library, wherein the civil equipment library comprises a home wireless router, a set top box and a terminal.
Optionally, determining a surviving port in the port range includes:
judging whether to establish connection with the port in the port range;
if yes, determining the port for establishing connection as a surviving port.
Optionally, the determining the device type corresponding to the surviving port includes:
transmitting a detection data packet to the survival port, so that the survival port transmits a feedback data packet based on the detection data packet;
and determining the equipment type corresponding to the surviving port based on the feedback data packet sent by the surviving port.
The description of the above steps may refer to the description of the above embodiments, and will not be repeated.
Fig. 4 is a block diagram of an asset detection device according to an embodiment of the present invention, as shown in fig. 4, where the device includes: a transmitting module 410, a receiving module 420 and a judging module 430.
A sending module 410, configured to send a probing task to a probing node, where the probing task includes a target IP address and a port range corresponding to the target IP address;
a receiving module 420, configured to receive a device type corresponding to a surviving port in the port range sent by the probe node based on the probe task;
and the judging module 430 is configured to judge that the target IP address is a civil IP address if the equipment type is queried in the civil equipment library.
Optionally, the determining module 430 is further configured to determine that the target IP address is not a civil IP address if the device type is not queried in the civil device library, and determine a corresponding defense policy for the target IP address.
Optionally, the device further comprises a configuration module, which is used for configuring a civil equipment library, wherein the civil equipment library comprises a home wireless router, a set top box and a terminal.
The device can execute the method provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of executing the method.
Fig. 5 is a block diagram of an asset detection device according to an embodiment of the present invention, and as shown in fig. 5, the device includes a task receiving module 510, a first determining module 520, and a second determining module 530.
The task receiving module 510 is configured to receive a probe task sent by a central node, where the probe task includes a target IP address and a port range corresponding to the target IP address;
a first determining module 520, configured to determine a surviving port in the port range if the target IP address is judged to be a surviving IP address based on the probing task;
a second determining module 530, configured to determine a device type corresponding to the surviving port, and report the device type to the central node, so that if the central node queries the device type in a civil device library, it determines that the target IP address is a civil IP address.
Optionally, determining a surviving port in the port range includes:
judging whether to establish connection with the port in the port range;
if yes, determining the port for establishing connection as a surviving port.
Optionally, the determining the device type corresponding to the surviving port includes:
transmitting a detection data packet to the survival port, so that the survival port transmits a feedback data packet based on the detection data packet;
and determining the equipment type corresponding to the surviving port based on the feedback data packet sent by the surviving port.
The device can execute the method provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of executing the method.
Fig. 6 is a schematic structural diagram of an apparatus according to an embodiment of the present invention, as shown in fig. 6, where the apparatus includes:
one or more processors 610, one processor 610 being illustrated in fig. 6;
a memory 620;
the apparatus may further include: an input device 630 and an output device 640.
The processor 610, memory 620, input 630 and output 640 of the device may be connected by a bus or other means, for example in fig. 6.
The memory 620 is used as a non-transitory computer readable storage medium for storing software programs, computer executable programs, and modules, such as program instructions/modules corresponding to an asset detection method in an embodiment of the present invention (e.g., the sending module 410, the receiving module 420, and the judging module 430 shown in fig. 4, or the task receiving module 510, the first determining module 520, and the second determining module 530 shown in fig. 5). The processor 610 executes various functional applications and data processing of the computer device by running software programs, instructions and modules stored in the memory 620, i.e. implements an asset detection method of the above-described method embodiments, namely:
sending a detection task to a detection node, wherein the detection task comprises a target IP address and a port range corresponding to the target IP address;
receiving the equipment type corresponding to the surviving port in the port range sent by the detection node based on the detection task;
and if the equipment type is inquired in the civil equipment library, judging that the target IP address is a civil IP address.
Or alternatively;
receiving a detection task issued by a central node, wherein the detection task comprises a target IP address and a port range corresponding to the target IP address;
if the target IP address is judged to be the surviving IP address based on the detection task, the surviving port in the port range is determined;
and determining the equipment type corresponding to the survival port, and reporting the equipment type to the central node, so that if the central node inquires the equipment type in a civil equipment library, judging that the target IP address is a civil IP address.
Memory 620 may include a storage program area that may store an operating system, at least one application program required for functionality, and a storage data area; the storage data area may store data created according to the use of the computer device, etc. In addition, memory 620 may include high-speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, memory 620 optionally includes memory remotely located relative to processor 610, which may be connected to the terminal device via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The input device 630 may be used to receive entered numeric or character information and to generate key signal inputs related to user settings and function control of the computer device. The output device 640 may include a display device such as a display screen.
An embodiment of the present invention provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements an asset detection method as provided by the embodiment of the present invention:
sending a detection task to a detection node, wherein the detection task comprises a target IP address and a port range corresponding to the target IP address;
receiving the equipment type corresponding to the surviving port in the port range sent by the detection node based on the detection task;
and if the equipment type is inquired in the civil equipment library, judging that the target IP address is a civil IP address.
Or alternatively;
receiving a detection task issued by a central node, wherein the detection task comprises a target IP address and a port range corresponding to the target IP address;
if the target IP address is judged to be the surviving IP address based on the detection task, the surviving port in the port range is determined;
and determining the equipment type corresponding to the survival port, and reporting the equipment type to the central node, so that if the central node inquires the equipment type in a civil equipment library, judging that the target IP address is a civil IP address.
Any combination of one or more computer readable media may be employed. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the computer-readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, smalltalk, C ++ and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).
Note that the above is only a preferred embodiment of the present invention and the technical principle applied. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, while the invention has been described in connection with the above embodiments, the invention is not limited to the embodiments, but may be embodied in many other equivalent forms without departing from the spirit or scope of the invention, which is set forth in the following claims.
Claims (10)
1. An asset detection method, the method being applied to a central node, the method comprising:
sending a detection task to a detection node, wherein the detection task comprises a target network protocol (IP) address and a port range corresponding to the target IP address;
receiving the equipment type corresponding to the surviving port in the port range sent by the detection node based on the detection task;
and if the equipment type is inquired in a civil equipment library, judging that the target IP address is a civil IP address, wherein the civil refers to a common resident or a personal user.
2. The method as recited in claim 1, further comprising:
if the equipment type is not queried in the civil equipment library, judging that the target IP address is not the civil IP address, and determining a corresponding defense strategy for the target IP address.
3. The method as recited in claim 1, further comprising: and configuring a civil equipment library, wherein the civil equipment library comprises a home wireless router, a set top box and a terminal.
4. An asset detection method, the method being applied to a detection node, the method comprising:
receiving a detection task issued by a central node, wherein the detection task comprises a target IP address and a port range corresponding to the target IP address;
if the target IP address is judged to be the surviving IP address based on the detection task, the surviving port in the port range is determined;
and determining the equipment type corresponding to the survival port, and reporting the equipment type to the central node, so that if the central node inquires the equipment type in a civil equipment library, judging that the target IP address is a civil IP address, wherein the civil refers to a common resident or a personal user.
5. The method of claim 4, wherein determining surviving ports in the range of ports comprises:
judging whether to establish connection with the port in the port range;
if yes, determining the port for establishing connection as a surviving port.
6. The method of claim 4, wherein the determining the device type to which the surviving port corresponds comprises:
transmitting a detection data packet to the survival port, so that the survival port transmits a feedback data packet based on the detection data packet;
and determining the equipment type corresponding to the surviving port based on the feedback data packet sent by the surviving port.
7. An asset detection method, comprising:
the method comprises the steps that a central node sends a detection task to a detection node, wherein the detection task comprises a target IP address and a port range corresponding to the target IP address;
the detection node receives a detection task issued by the central node, and if the target IP address is determined to be a survival IP address based on the detection task, a survival port in the port range is determined;
the detection node determines the equipment type corresponding to the survival port and reports the equipment type to the central node;
and the central node receives the equipment type, and if the equipment type is queried in a civil equipment library, the target IP address is judged to be a civil IP address, wherein the civil refers to a common resident or a personal user.
8. An asset detection device, comprising:
the sending module is used for sending a detection task to the detection node, wherein the detection task comprises a target IP address and a port range corresponding to the target IP address;
the receiving module is used for receiving the equipment type corresponding to the surviving port in the port range sent by the detection node based on the detection task;
and the judging module is used for judging that the target IP address is a civil IP address if the equipment type is inquired in a civil equipment library, wherein the civil refers to a common resident or a personal user.
9. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs,
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any of claims 1-6.
10. A computer readable storage medium, on which a computer program is stored, characterized in that the program, when being executed by a processor, implements the method according to any of claims 1-6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111536391.5A CN114244755B (en) | 2021-12-15 | 2021-12-15 | Asset detection method, device, equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111536391.5A CN114244755B (en) | 2021-12-15 | 2021-12-15 | Asset detection method, device, equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114244755A CN114244755A (en) | 2022-03-25 |
| CN114244755B true CN114244755B (en) | 2023-11-14 |
Family
ID=80756621
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111536391.5A Active CN114244755B (en) | 2021-12-15 | 2021-12-15 | Asset detection method, device, equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114244755B (en) |
Citations (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101600097A (en) * | 2009-03-06 | 2009-12-09 | 深圳市灵琅科技有限公司 | The method and system of security protection monitoring for mobile multimedia |
| CN102439905A (en) * | 2011-09-30 | 2012-05-02 | 华为技术有限公司 | Method, device and system of finding network topology automatically |
| CN102684897A (en) * | 2011-03-14 | 2012-09-19 | 上海宝信软件股份有限公司 | Method for discovering transmission control protocol/Internet protocol (TCP/IP) network private access equipment |
| WO2016093724A1 (en) * | 2014-12-11 | 2016-06-16 | Bitdefender Ipr Management Ltd | Systems and methods for automatic device detection, device management, and remote assistance |
| CN107846460A (en) * | 2017-10-30 | 2018-03-27 | 中国人民解放军战略支援部队航天工程大学 | A kind of recurrence system and method for Military Information System information flow |
| CN108900351A (en) * | 2018-07-13 | 2018-11-27 | 中国科学院信息工程研究所 | The recognition methods of Intranet device type and device |
| CN109345786A (en) * | 2018-09-13 | 2019-02-15 | 国网上海市电力公司 | A kind of non-resident user power utilization abnormal conditions automatic alarm system of low pressure |
| CN109426574A (en) * | 2017-08-31 | 2019-03-05 | 华为技术有限公司 | Distributed computing system, data transmission method and device in distributed computing system |
| CN110233848A (en) * | 2019-06-18 | 2019-09-13 | 浙江齐治科技股份有限公司 | A kind of assets Situation analysis method and device |
| CN110311809A (en) * | 2019-06-12 | 2019-10-08 | 杭州迪普科技股份有限公司 | The access terminal monitoring and managing method and device of video monitoring system |
| CN110943884A (en) * | 2019-11-22 | 2020-03-31 | 深圳前海微众银行股份有限公司 | Data processing method and device |
| CN111709009A (en) * | 2020-06-17 | 2020-09-25 | 杭州安恒信息技术股份有限公司 | Detection method and device for networked industrial control system, computer equipment and medium |
| CN112118152A (en) * | 2020-09-02 | 2020-12-22 | 紫光云(南京)数字技术有限公司 | Distributed architecture for realizing rapid scanning of network assets |
| CN112699378A (en) * | 2020-12-31 | 2021-04-23 | 北京航天控制仪器研究所 | Industrial control equipment vulnerability detection system and method |
| CN113055379A (en) * | 2021-03-11 | 2021-06-29 | 北京顶象技术有限公司 | Risk situation perception method and system for key infrastructure of whole network |
| CN113259197A (en) * | 2021-05-13 | 2021-08-13 | 北京天融信网络安全技术有限公司 | Asset detection method and device and electronic equipment |
| CN113315743A (en) * | 2020-02-27 | 2021-08-27 | 阿里巴巴集团控股有限公司 | Defense processing method, device, equipment and storage medium |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| FR2903263A1 (en) * | 2006-06-30 | 2008-01-04 | France Telecom | METHOD FOR ADDRESSING SERVICE ELEMENTS AND CALL TRANSMISSION BETWEEN HETEROGENEOUS NODES |
| US9197498B2 (en) * | 2012-08-31 | 2015-11-24 | Cisco Technology, Inc. | Method for automatically applying access control policies based on device types of networked computing devices |
-
2021
- 2021-12-15 CN CN202111536391.5A patent/CN114244755B/en active Active
Patent Citations (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101600097A (en) * | 2009-03-06 | 2009-12-09 | 深圳市灵琅科技有限公司 | The method and system of security protection monitoring for mobile multimedia |
| CN102684897A (en) * | 2011-03-14 | 2012-09-19 | 上海宝信软件股份有限公司 | Method for discovering transmission control protocol/Internet protocol (TCP/IP) network private access equipment |
| CN102439905A (en) * | 2011-09-30 | 2012-05-02 | 华为技术有限公司 | Method, device and system of finding network topology automatically |
| WO2016093724A1 (en) * | 2014-12-11 | 2016-06-16 | Bitdefender Ipr Management Ltd | Systems and methods for automatic device detection, device management, and remote assistance |
| CN109426574A (en) * | 2017-08-31 | 2019-03-05 | 华为技术有限公司 | Distributed computing system, data transmission method and device in distributed computing system |
| CN107846460A (en) * | 2017-10-30 | 2018-03-27 | 中国人民解放军战略支援部队航天工程大学 | A kind of recurrence system and method for Military Information System information flow |
| CN108900351A (en) * | 2018-07-13 | 2018-11-27 | 中国科学院信息工程研究所 | The recognition methods of Intranet device type and device |
| CN109345786A (en) * | 2018-09-13 | 2019-02-15 | 国网上海市电力公司 | A kind of non-resident user power utilization abnormal conditions automatic alarm system of low pressure |
| CN110311809A (en) * | 2019-06-12 | 2019-10-08 | 杭州迪普科技股份有限公司 | The access terminal monitoring and managing method and device of video monitoring system |
| CN110233848A (en) * | 2019-06-18 | 2019-09-13 | 浙江齐治科技股份有限公司 | A kind of assets Situation analysis method and device |
| CN110943884A (en) * | 2019-11-22 | 2020-03-31 | 深圳前海微众银行股份有限公司 | Data processing method and device |
| CN113315743A (en) * | 2020-02-27 | 2021-08-27 | 阿里巴巴集团控股有限公司 | Defense processing method, device, equipment and storage medium |
| CN111709009A (en) * | 2020-06-17 | 2020-09-25 | 杭州安恒信息技术股份有限公司 | Detection method and device for networked industrial control system, computer equipment and medium |
| CN112118152A (en) * | 2020-09-02 | 2020-12-22 | 紫光云(南京)数字技术有限公司 | Distributed architecture for realizing rapid scanning of network assets |
| CN112699378A (en) * | 2020-12-31 | 2021-04-23 | 北京航天控制仪器研究所 | Industrial control equipment vulnerability detection system and method |
| CN113055379A (en) * | 2021-03-11 | 2021-06-29 | 北京顶象技术有限公司 | Risk situation perception method and system for key infrastructure of whole network |
| CN113259197A (en) * | 2021-05-13 | 2021-08-13 | 北京天融信网络安全技术有限公司 | Asset detection method and device and electronic equipment |
Non-Patent Citations (2)
| Title |
|---|
| 戴支祥 ; 赵生慧 ; .利用端口探测主机存活性的方法.滁州学院学报.2006,(第03期),全文. * |
| 贺英杰 ; 王慧强 ; 周仁杰 ; .面向网络态势感知的实时网络拓扑发现.计算机工程.2009,(第24期),全文. * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114244755A (en) | 2022-03-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8953479B2 (en) | System and method for license enforcement for data center monitoring applications | |
| EP2777226B1 (en) | A streaming method and system for processing network metadata | |
| RU2562438C2 (en) | Network system and network management method | |
| US9674142B2 (en) | Monitoring network traffic | |
| CN106936791B (en) | Method and device for intercepting malicious website access | |
| CN104484259A (en) | Application program traffic monitoring method and device, and mobile terminal | |
| US20190281072A1 (en) | Asset discovery using established network connections of known assets | |
| CN103746956A (en) | Virtual honeypot | |
| CN104219316A (en) | Method and device for processing call request in distributed system | |
| CN107959715A (en) | Remote terminal information recognition software system and recognition methods based on wireless telecommunications | |
| JP2019525604A (en) | Network function NF management method and NF management apparatus | |
| CN101895552B (en) | Security gateway and method thereof for detecting proxy surfing | |
| US10594584B2 (en) | Network analysis and monitoring tool | |
| CN110780918B (en) | Middleware container processing method and device, electronic equipment and storage medium | |
| CN111698110A (en) | Network equipment performance analysis method, system, equipment and computer medium | |
| CN114244755B (en) | Asset detection method, device, equipment and storage medium | |
| WO2019047693A1 (en) | Method and device for carrying out wifi network security monitoring | |
| KR20200007912A (en) | Methods, devices, and systems for monitoring data traffic | |
| CN111737084A (en) | Information monitoring method and device, intelligent equipment, computer equipment and medium | |
| CN103916489A (en) | Method and system for resolving single-domain-name multi-IP domain name | |
| KR102184114B1 (en) | Method and apparatus for providing network security service | |
| CN108199965B (en) | Flow spec table item issuing method, network device, controller and autonomous system | |
| CN103501334A (en) | Data transmission method, data transmission equipment and network system | |
| CN102594611B (en) | Trap session chain table updating method for webmaster agent | |
| CN112152854A (en) | Information processing method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |