CN115378912B - Scanning method and system for active IPv6 address - Google Patents
Scanning method and system for active IPv6 address Download PDFInfo
- Publication number
- CN115378912B CN115378912B CN202210862867.2A CN202210862867A CN115378912B CN 115378912 B CN115378912 B CN 115378912B CN 202210862867 A CN202210862867 A CN 202210862867A CN 115378912 B CN115378912 B CN 115378912B
- Authority
- CN
- China
- Prior art keywords
- address
- active
- ipv6
- addresses
- scanning
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application discloses a scanning method and a system of active IPv6 addresses, which relate to the technical field of IP asset scanning, and the method comprises the following steps: counting target IP addresses with IP aliases in the active IPv6 address seed set, and calculating the first address duty ratio of the target IP addresses in the corresponding active IPv6 address seed set; if the first address duty ratio exceeds a first duty ratio threshold, generating a pre-scanning address set based on the expansion parameter; detecting a pre-scanning address set and classifying addresses according to detection results; the IPv6 active address expansion algorithm and the IPv6 active address direct reckoning method are combined to calculate the active IP addresses in the target active IPv6 address seed set; and if the first duty ratio threshold is not exceeded, the active IP addresses in the target active IPv6 address seed set are calculated through IPv6 active address direct calculation. The method has the effect of higher scanning accuracy when analyzing any seed address set.
Description
Technical Field
The application relates to the technical field of IP asset scanning, in particular to a scanning method and a system of active IPv6 addresses.
Background
Identifying IP addresses that are actively mined is of great significance in network applications, and as networks continue to develop, IPv4 addresses do not meet network usage requirements, so that IPv6 addresses are more adopted by today's IP addresses. The increase in IPv6 address length by a factor of 4 compared to IPv4 addresses results in an exponential increase in IPv6 address space size, with 264 addresses for an IPv6 subnet with a prefix length of 64, approximately 40 hundred million times IPv4, theoretically capable of allocating 1.844 x 1019 hosts, thus resulting in a lower active density of IPv6 hosts compared to IPv4 networks.
However, the low activity density and the huge address space result in low scanning efficiency for active host addresses, and hundreds of millions of years are required for scanning the whole IPv6 address space, so that traversing the IPv6 network address is not feasible at present in the technical level. In the related art, an IPv6 address discovery algorithm is generally adopted to scan an active address, a seed address set is input into the discovery algorithm, address features in the seed address set are analyzed and calculated through the discovery algorithm, and a scanning target address set is finally generated and output as the active address.
With respect to the related art in the above, the inventors consider that there are the following drawbacks: when the discovery algorithm is adopted, the seed address set with obvious address characteristics is required to be input, so that the seed address set has higher scanning accuracy, and the scanning accuracy is lower when the seed address set with less obvious address characteristics is analyzed.
Disclosure of Invention
In order to overcome the defect of low scanning accuracy when analyzing a seed address set with less obvious address characteristics, the application provides a scanning method and a system for active IPv6 addresses.
In a first aspect, the present application provides a method for scanning active IPv6 addresses, including the following steps:
acquiring an active IPv6 address seed subset;
respectively counting target IP addresses with IP aliases in all the active IPv6 address seed sets, and calculating the first address duty ratio of the target IP addresses in the corresponding active IPv6 address seed sets;
judging whether the first address duty ratio exceeds a preset first duty ratio threshold value or not;
if the first address duty ratio exceeds the first duty ratio threshold, generating a pre-scanning address set based on a preset expansion parameter;
detecting the pre-scanning address set and classifying the addresses according to detection results;
the active IP addresses in the target active IPv6 address seed set are calculated by combining a preset IPv6 active address expansion algorithm and an IPv6 active address direct calculation method;
and if the first address duty ratio does not exceed the first duty ratio threshold, the active IP addresses in the target active IPv6 address seed set are calculated through the IPv6 active address direct calculation method.
By adopting the technical scheme, the address seed set is initially classified according to the preset first duty ratio threshold and the first address duty ratio of the target IP address with the IP alias in the address seed set, the address seed set with the small IP alias can be directly pushed out to the active IP address by adopting the IPv6 active address direct estimation method, and the address seed set with the large IP alias can be generated to be initially scanned, and then the active IP address is pushed out by combining the IPv6 active address expansion algorithm and the IPv6 active address direct estimation method. Compared with the discovery algorithm in the related art, the method can avoid considering the address characteristics of most addresses in the address seed set, and can improve the scanning accuracy on the basis of ensuring the scanning efficiency.
Optionally, the step of calculating the active IP address in the target active IPv6 address seed set by direct IPv6 active address extrapolation includes the following steps:
dividing all target addresses into a plurality of target address categories according to address prefix attributions of all target addresses in the target active IPv6 address seed set;
acquiring a historical active address of the target address category;
obtaining an address budget value of each target address category and a weight value of a plurality of address bits in a suffix address based on the historical active address analysis;
assigning a value to the corresponding address bit by combining the address budget value and the weight value;
and performing traversal assignment on the unassigned address bits within a preset value range to obtain the active IP address.
By adopting the technical scheme, the target address is divided into a plurality of target address categories according to the attribution of the address prefix, then assignment is carried out on a plurality of suffix address bits of the virtual address in the corresponding category according to the historical active address in each category, traversing scanning is carried out in a preset value range, finally assignment is carried out on a plurality of address bits which are not assigned in the suffix address of the virtual address, and the obtained plurality of IP addresses are calculated active IP addresses.
Optionally, the extension parameter determines an upper prefix length limit of the corresponding address block in the pre-scan address set.
By adopting the technical scheme, the number of address blocks of the pre-scanning is limited through the preset expansion parameters, and address blocks with fewer active addresses are eliminated, so that the time of pre-scanning the addresses is shortened, and the pre-scanning efficiency is improved.
Optionally, the detecting the pre-scanning address set and performing address classification according to the detection result includes the following steps:
detecting a plurality of address blocks in the pre-scanning address set to obtain a detection result;
analyzing and obtaining a second address ratio of the pre-scanning active address in each address block in the corresponding address block based on the detection result;
judging whether the second address duty ratio exceeds a preset second duty ratio threshold value;
if the second address duty ratio exceeds the second duty ratio threshold, dividing the corresponding address block into a high active address set;
and if the second address duty ratio does not exceed the second duty ratio threshold value, dividing the corresponding address block into a low active address set.
By adopting the technical scheme, the address blocks in the generated pre-scanning address set are detected and pre-scanned, and the address blocks are divided into a high active address set and a low active address set according to the activity of the address blocks.
Optionally, the step of calculating the active IP address in the target active IPv6 address seed set by combining a preset IPv6 active address extension algorithm and an IPv6 active address direct calculation method includes the following steps:
judging that the address blocks in the target active IPv6 address seed set belong to the high active address set or the low active address set;
if the address belongs to the high active address set, calculating an active IP address in the corresponding address block through a preset IPv6 active address expansion algorithm;
and if the address belongs to the low active address set, the active IP address in the corresponding address block is calculated through the IPv6 active address direct calculation method.
By adopting the technical scheme, according to the address blocks with different liveness, different algorithms are adopted for calculation, so that the efficiency and the accuracy of the calculation of the active address can be improved.
Optionally, the calculating, by a preset IPv6 active address extension algorithm, the active IP address corresponding to the address block includes the following steps:
acquiring address prefixes of all the address blocks in the high active address set;
traversing the suffix binary addresses corresponding to the address prefixes respectively to obtain a plurality of initial scanning address sets;
performing de-duplication processing and format unified processing on the plurality of initial scanning address sets to obtain a plurality of basic scanning address sets;
and merging a plurality of the basic scanning address sets into an active address set, wherein the addresses in the active address set are active IP addresses.
By adopting the technical scheme, the expansion algorithm is used for calculating the high active address set, the expansion algorithm is used for traversing the binary address of the scanning suffix based on the address prefix of the address block in the input high active address set to obtain a plurality of initial scanning address sets, but repeated addresses possibly appear in the initial scanning address set generated by traversing, so that the initial scanning address set is required to be subjected to de-duplication processing, the format is uniformly processed into an IPv6 standard format, a plurality of basic scanning address sets are obtained, all basic scanning address sets are combined into the active address set, and the expansion calculation of the active IP address is completed.
Optionally, the step of obtaining the active IPv6 address seed set includes the following steps:
acquiring a plurality of first active addresses from a preset open source IPv6 active address library;
acquiring a plurality of active domain names based on the Alexa ranking;
reversely resolving the plurality of active domain names into a plurality of second active addresses;
the first active addresses and the second active addresses are summarized into a subset of active IPv6 address types.
By adopting the technical scheme, the active IPv6 address seed subset can be acquired by combining the active IPv6 address library and the Alexa rank, and the address seed subset with specific address characteristics is not required to be acquired.
In a second aspect, the present application further provides a scanning system for active IPv6 addresses, including a memory, a processor, and a program stored on the memory and executable on the processor, where the program is capable of implementing a method for scanning active IPv6 addresses as described in the first aspect when loaded and executed by the processor.
Through adopting the technical scheme, through the calling of the program, the address seed set is initially classified according to a preset first duty ratio threshold value and the first address duty ratio of the target IP address with the IP alias in the address seed set, the address seed set with the small IP alias can be directly pushed out to be an active IP address by adopting an IPv6 active address direct estimation method, and the address seed set with the large IP alias can be generated to be a pre-scanned address set for initial scanning, and then the IPv6 active address expansion algorithm and the IPv6 active address direct estimation method are combined to be used for pushing out to be an active IP address. Compared with the discovery algorithm in the related art, the method can avoid considering the address characteristics of most addresses in the address seed set, and can improve the scanning accuracy on the basis of ensuring the scanning efficiency.
In summary, the present application includes the following beneficial technical effects:
firstly, the address seed set is initially classified according to a preset first duty ratio threshold value and a first address duty ratio of a target IP address with an IP alias in the address seed set, an IPv6 active address direct calculation method can be directly adopted to calculate an active IP address for the address seed set with a small IP alias, a pre-scanning address set can be generated to perform preliminary scanning for the address seed set with a large IP alias, and then the IPv6 active address expansion algorithm and the IPv6 active address direct calculation method are combined to calculate the active IP address. Compared with the discovery algorithm in the related art, the method can avoid considering the address characteristics of most addresses in the address seed set, and can improve the scanning accuracy on the basis of ensuring the scanning efficiency.
Drawings
Fig. 1 is a flow chart illustrating a method for scanning an active IPv6 address according to an embodiment of the present application.
Fig. 2 is a schematic flow chart of calculating an active IP address by direct estimation according to an embodiment of the present application.
Fig. 3 is a schematic flow chart of detecting a pre-scan address set and performing address classification according to a detection result according to an embodiment of the present application.
Fig. 4 is a flow chart of estimating an active IP address by combining an extended algorithm and a direct estimation method according to an embodiment of the present application.
Fig. 5 is a schematic flow chart of estimating an active IP address by an extended algorithm according to an embodiment of the present application.
Fig. 6 is a flow chart illustrating a method for obtaining a subset of active IPv6 address seeds according to one embodiment of the present application.
Detailed Description
The present application is described in further detail below in conjunction with figures 1 to 6.
The embodiment of the application discloses a scanning method and a system of active IPv6 addresses.
Referring to fig. 1, the method and system for scanning active IPv6 addresses includes the following steps:
s101, acquiring a subset of active IPv6 address types.
Wherein, the subset of active IPv6 address types of the open source can be obtained through the Internet.
S102, respectively counting target IP addresses with IP aliases in all active IPv6 address seed sets, and calculating the first address duty ratio of the target IP addresses in the corresponding active IPv6 address seed sets.
In the network setting process, a plurality of IP addresses can be added to the same physical network card, but the MAC addresses of all the IP addresses are the same, and the standby network node can be configured through the setting of the IP aliases. The target IP address with the IP alias can be scanned by scanning the MAC addresses of all addresses in the active IPv6 address seed set, and then the number of the target IP addresses is counted, so that the duty ratio of the target IP address in the active IPv6 address seed set is calculated.
S103, judging whether the first address duty ratio exceeds a preset first duty ratio threshold, and if so, executing step S104; if the first address duty cycle does not exceed the first duty cycle threshold, step S107 is performed.
The first duty ratio threshold value can be preset by human beings, and can be modified according to a modification instruction input by the human beings.
S104, generating a pre-scanning address set based on preset expansion parameters.
The extension parameters can be preset manually and modified according to an operation instruction input manually, the extension parameters determine the prefix length upper limit of the corresponding address blocks in the pre-scanning address set, the number of the pre-scanning address blocks is limited through the preset extension parameters, address blocks with fewer active addresses are eliminated, and therefore the time of pre-scanning addresses is shortened, and the pre-scanning efficiency is improved.
S105, detecting the pre-scanning address set and classifying the addresses according to detection results.
The IP scanning tool performs preliminary probe scanning on the pre-scanning address set, and the IP scanning tool may be Nmap, ARP Scan, or the like.
S106, the active IP addresses in the target active IPv6 address seed set are calculated by combining a preset IPv6 active address expansion algorithm and an IPv6 active address direct reckoning method.
S107, the active IP addresses in the target active IPv6 address seed set are calculated through IPv6 active address direct calculation.
The implementation principle of the embodiment is as follows:
firstly, the address seed set is initially classified according to a preset first duty ratio threshold value and a first address duty ratio of a target IP address with an IP alias in the address seed set, an IPv6 active address direct calculation method can be directly adopted to calculate an active IP address for the address seed set with a small IP alias, a pre-scanning address set can be generated to perform preliminary scanning for the address seed set with a large IP alias, and then the IPv6 active address expansion algorithm and the IPv6 active address direct calculation method are combined to calculate the active IP address. Compared with the discovery algorithm in the related art, the method can avoid considering the address characteristics of most addresses in the address seed set, and can improve the scanning accuracy on the basis of ensuring the scanning efficiency.
In step S107 of the embodiment shown in fig. 1, the addresses in the target active IPv6 address seed set may be classified and assigned by using a direct push algorithm, and finally, the active IP address is obtained. And is specifically described in detail by way of the embodiment shown in fig. 2.
Referring to fig. 2, the calculation of the active IP address by the direct estimation method includes the steps of:
s201, dividing all target addresses into a plurality of target address categories according to address prefix attributions of all target addresses in the target active IPv6 address seed set.
The address prefix of the IP address contains information of address attribution, and address features of active addresses in different regions are different, so that the target addresses can be divided into a plurality of target address categories according to attributions.
S202, acquiring a historical active address of a target address category.
The historical active addresses of the same attribution under the target address category can be obtained through an open source IPv6 active address library.
S203, analyzing and obtaining the address budget value of each target address category and the weight value of a plurality of address bits in the suffix address based on the historical active address.
And carrying out statistical analysis on big data of the suffix addresses in the plurality of historical active addresses, and taking the value with highest occurrence frequency of each address bit in the suffix addresses as the budget value of the corresponding address bit, thereby obtaining the address budget value of the corresponding target address category. And calculating a weight value for each numerical value of a certain address bit in the suffix address according to the occurrence frequency of each numerical value of the address bit, wherein the higher the occurrence frequency is, the higher the weight value is. If the number of the numerical values of a certain address bit is lower than a preset number threshold value, the weight value of the address bit is not calculated.
S204, assigning values for the corresponding address bits by combining the address budget value and the weight value.
If the address bit has a weight value, judging whether the value with the highest weight value of the address bit is the same as the address budget value of the address bit, and if so, assigning the value to the address bit. If the address bit does not calculate the weighted value, the address bit is not assigned a value.
S205, performing traversal assignment on the unassigned address bits in a preset value range to obtain the active IP address.
The maximum value range is 0 to 9, and the preset value range can be preset manually or can be modified by acquiring a modification instruction input manually. Performing traversal assignment on the non-assigned address bits based on the numerical value in the value range, if the non-assigned address bits have 3 bits and the value range is 0 to 9, obtaining 1000 IP addresses after traversal assignment, judging whether the 1000 IP addresses are active IP one by one, and if so, obtaining the active IP addresses.
The implementation principle of the embodiment is as follows:
dividing a target address into a plurality of target address categories according to address prefix attribution, assigning values for a plurality of suffix address bits of virtual addresses in corresponding categories according to historical active addresses in each category, performing traversal scanning within a preset value range, and finally assigning values for a plurality of address bits which are not assigned in the suffix addresses of the virtual addresses, wherein the obtained plurality of IP addresses are calculated active IP addresses.
In step S105 of the embodiment shown in fig. 1, according to the preliminary probe scanning on the pre-scanning address set, the liveness of a plurality of address blocks in the pre-scanning address set may be scanned, and then the address blocks are classified based on the liveness. And is specifically described in detail by way of the embodiment shown in fig. 3.
Referring to fig. 3, detecting a pre-scan address set and performing address classification according to a detection result includes the steps of:
s301, detecting a plurality of address blocks in the pre-scanning address set to obtain a detection result.
The probe scanning can be performed through an IP (Internet protocol) scanning probe tool such as Nmap and ARP Scan, and an active analysis report of the address in the pre-scanning address set can be generated through IPIP.NET.
S302, analyzing and obtaining the second address ratio of the pre-scanning active address in each address block in the corresponding address block based on the detection result.
And calculating the duty ratio of the active addresses in each address block according to the active analysis report and the detection result.
S303, judging whether the second address duty ratio exceeds a preset second duty ratio threshold, and if so, executing step S304; if the second address duty cycle does not exceed the second duty cycle threshold, step S305 is performed.
Wherein the second duty ratio threshold can be preset by human beings, or can be modified according to a modification instruction input by human beings
S304, dividing the corresponding address block into a high active address set.
S305, dividing the corresponding address block into a low active address set.
The implementation principle of the embodiment is as follows:
and detecting and pre-scanning the address blocks in the generated pre-scanning address set, and dividing the address blocks into a high active address set and a low active address set according to the activity degree of the address blocks and a preset second duty ratio threshold value, wherein the address blocks with the second address duty ratio exceeding the second duty ratio threshold value are divided into the high active address set, and the address blocks with the second address duty ratio not exceeding the second duty ratio threshold value are divided into the low active address set.
In step S106 of the embodiment shown in fig. 1, the active address is estimated by using different estimation algorithms for different types of address blocks according to the classification result in the embodiment shown in fig. 3. And is specifically described in detail by way of the embodiment shown in fig. 4.
Referring to fig. 4, the calculation of the active IP address in combination with the extended algorithm and the direct calculation includes the steps of:
s401, judging that the address blocks in the target active IPv6 address seed set are classified into a high active address set or a low active address set, and if the address blocks are the high active address set, executing the step S402; if the address set is a low active address set, step S403 is performed.
S402, calculating an active IP address in a corresponding address block through a preset IPv6 active address extension algorithm.
S403, the active IP addresses in the corresponding address blocks are calculated through IPv6 active address direct calculation.
The IPv6 active address direct-push algorithm used is the same as the direct-push algorithm in the embodiment shown in fig. 2.
The implementation principle of the embodiment is as follows:
according to the address blocks with different liveness, different algorithms are adopted for calculation, so that the efficiency and the accuracy of the calculation of the active address can be improved.
In step S402 of the embodiment shown in fig. 4, a plurality of initial scan address sets may be obtained by performing a traversal scan based on the address prefixes of the address blocks in the high active address set by using an extension algorithm, and then performing deduplication, format conversion, and merging processing, so as to obtain an active address set including active IP addresses. The embodiment shown in fig. 5 is specifically described in detail.
Referring to fig. 5, estimating the active IP address by the extended algorithm includes the steps of:
s501, acquiring address prefixes of all address blocks in the high active address set.
The IP address network prefix refers to an address part corresponding to a network part of the IP address.
S502, traversing the suffix binary addresses corresponding to the address prefixes respectively to obtain a plurality of initial scanning address sets.
The suffix address is firstly adjusted from an IPv6 format to a binary format, and then the suffix address bits of each binary format are traversed and output to obtain a plurality of initial scanning address sets.
S503, performing de-duplication processing and format unified processing on the plurality of initial scanning address sets to obtain a plurality of basic scanning address sets.
The traversal process in the address block may generate repeated addresses, so that a deduplication process is required, and all the addresses after deduplication are adjusted to be the addresses in the IPv6 format.
S504, combining the plurality of basic scanning address sets into an active address set, wherein the addresses in the active address set are active IP addresses.
The implementation principle of the embodiment is as follows:
the expansion algorithm is used for calculating the high active address set, the binary address of the scanning suffix is traversed through the expansion algorithm based on the address prefix of the address block in the input high active address set to obtain a plurality of initial scanning address sets, but repeated addresses possibly appear in the initial scanning address set generated through traversing, so that the initial scanning address set is required to be subjected to de-duplication processing, the format is uniformly processed into an IPv6 standard format to obtain a plurality of basic scanning address sets, and all the basic scanning address sets are combined into the active address set, namely the expansion calculation of the active IP address is completed.
In step S101 in the embodiment shown in fig. 1, since the calculation mode combining the expansion algorithm and the direct push algorithm does not need to use the address seed subset of the specific address feature, the active IPv6 address seed subset can be directly obtained and summarized through the network. Specifically, the embodiment shown in fig. 6 will be described in detail.
Referring to fig. 6, acquiring an active IPv6 address seed set includes the steps of:
s601, acquiring a plurality of first active addresses from a preset open source IPv6 active address library.
The method comprises the steps of obtaining a latest IPv6 active address library through the Internet in advance.
S602, acquiring a plurality of active domain names based on Alexa ranking.
The Alexa ranking refers to world ranking of websites, and a plurality of active domain names higher than a threshold are screened according to a preset ranking threshold.
S603, reversely resolving the plurality of active domain names into a plurality of second active addresses.
S604, summarizing the first active addresses and the second active addresses into a subset of active IPv6 address types.
The implementation principle of the embodiment is as follows:
the active IPv6 address seed subset may be obtained in conjunction with an open source IPv6 active address library and Alexa ranking without the need to obtain an address seed subset with specific address characteristics.
The embodiment of the application also discloses a scanning system of the active IPv6 address, which comprises a memory, a processor and a program stored on the memory and capable of running on the processor, wherein the program can realize the scanning method of the active IPv6 address shown in the figures 1 to 6 when being loaded and executed by the processor.
The implementation principle of the embodiment is as follows:
through program calling, firstly, the address seed set is initially classified according to a preset first duty ratio threshold and a first address duty ratio of a target IP address with an IP alias in the address seed set, the address seed set with less IP aliases can directly adopt an IPv6 active address direct estimation method to calculate active IP addresses, and the address seed set with more IP aliases can generate a pre-scanning address set to carry out preliminary scanning, and then the IPv6 active address expansion algorithm and the IPv6 active address direct estimation method are combined to calculate active IP addresses. Compared with the discovery algorithm in the related art, the method can avoid considering the address characteristics of most addresses in the address seed set, and can improve the scanning accuracy on the basis of ensuring the scanning efficiency.
The foregoing are all preferred embodiments of the present application, and are not intended to limit the scope of the present application in any way, therefore: all equivalent changes in structure, shape and principle of this application should be covered in the protection scope of this application.
Claims (8)
1. A method for scanning active IPv6 addresses, comprising the steps of:
acquiring an active IPv6 address seed subset;
respectively counting target IP addresses with IP aliases in all the active IPv6 address seed sets, and calculating the first address duty ratio of the target IP addresses in the corresponding active IPv6 address seed sets;
judging whether the first address duty ratio exceeds a preset first duty ratio threshold value or not;
if the first address duty ratio exceeds the first duty ratio threshold, generating a pre-scanning address set based on a preset expansion parameter;
detecting the pre-scanning address set and classifying the addresses according to detection results;
the method comprises the steps of combining a preset IPv6 active address expansion algorithm and an IPv6 active address direct calculation method to calculate an active IP address in the active IPv6 address seed set;
and if the first address duty ratio does not exceed the first duty ratio threshold, the active IP addresses in the active IPv6 address seed set are calculated through the IPv6 active address direct estimation method.
2. The method for scanning active IPv6 addresses according to claim 1, wherein said calculating active IP addresses in said active IPv6 address subset by direct calculation of said IPv6 active addresses comprises the steps of:
dividing all target addresses into a plurality of target address categories according to address prefix attributions of all target addresses in the active IPv6 address seed set;
acquiring a historical active address of the target address category;
obtaining an address budget value of each target address category and a weight value of a plurality of address bits in a suffix address based on the historical active address analysis;
assigning a value to the corresponding address bit by combining the address budget value and the weight value;
and performing traversal assignment on the unassigned address bits within a preset value range to obtain the active IP address.
3. The method according to claim 1, wherein the extension parameter determines an upper prefix length limit for the corresponding address block in the pre-scan address set.
4. A method of scanning for active IPv6 addresses according to claim 3, wherein said probing said set of pre-scanned addresses and classifying the addresses according to the probing result comprises the steps of:
detecting a plurality of address blocks in the pre-scanning address set to obtain a detection result;
analyzing and obtaining a second address ratio of the pre-scanning active address in each address block in the corresponding address block based on the detection result;
judging whether the second address duty ratio exceeds a preset second duty ratio threshold value;
if the second address duty ratio exceeds the second duty ratio threshold, dividing the corresponding address block into a high active address set;
and if the second address duty ratio does not exceed the second duty ratio threshold value, dividing the corresponding address block into a low active address set.
5. The method for scanning active IPv6 addresses according to claim 4, wherein said combining a preset IPv6 active address extension algorithm and an IPv6 active address direct-extrapolation algorithm to calculate active IP addresses in the active IPv6 address seed set includes the steps of:
judging that the address blocks in the active IPv6 address seed set are classified into the high active address set or the low active address set;
if the address belongs to the high active address set, calculating an active IP address in the corresponding address block through a preset IPv6 active address expansion algorithm;
and if the address belongs to the low active address set, the active IP address in the corresponding address block is calculated through the IPv6 active address direct calculation method.
6. The method for scanning active IPv6 addresses according to claim 5, wherein the step of calculating the active IP addresses corresponding to the address block by a preset IPv6 active address extension algorithm includes the steps of:
acquiring address prefixes of all the address blocks in the high active address set;
traversing the suffix binary addresses corresponding to the address prefixes respectively to obtain a plurality of initial scanning address sets;
performing de-duplication processing and format unified processing on the plurality of initial scanning address sets to obtain a plurality of basic scanning address sets;
and merging a plurality of the basic scanning address sets into an active address set, wherein the addresses in the active address set are active IP addresses.
7. The method for scanning for active IPv6 addresses according to claim 1, wherein said obtaining a subset of active IPv6 addresses comprises the steps of:
acquiring a plurality of first active addresses from a preset open source IPv6 active address library;
acquiring a plurality of active domain names based on the Alexa ranking;
reversely resolving the plurality of active domain names into a plurality of second active addresses;
the first active addresses and the second active addresses are summarized into a subset of active IPv6 address types.
8. A scanning system for active IPv6 addresses, comprising a memory, a processor and a program stored on said memory and executable on said processor, which program, when loaded and executed by the processor, is capable of implementing a method for scanning for active IPv6 addresses according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210862867.2A CN115378912B (en) | 2022-07-21 | 2022-07-21 | Scanning method and system for active IPv6 address |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210862867.2A CN115378912B (en) | 2022-07-21 | 2022-07-21 | Scanning method and system for active IPv6 address |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115378912A CN115378912A (en) | 2022-11-22 |
| CN115378912B true CN115378912B (en) | 2023-06-09 |
Family
ID=84061870
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210862867.2A Active CN115378912B (en) | 2022-07-21 | 2022-07-21 | Scanning method and system for active IPv6 address |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115378912B (en) |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2008028742A (en) * | 2006-07-21 | 2008-02-07 | Yaskawa Information Systems Co Ltd | Node device for ipv6 and program therefor |
| CN101945043A (en) * | 2010-09-06 | 2011-01-12 | 华南理工大学 | Topology discovery system of next generation Internet based on IPv6 (Internet Protocol Version 6) and realizing method thereof |
| CN108924012A (en) * | 2018-08-24 | 2018-11-30 | 赛尔网络有限公司 | Method, equipment, system and the medium of IPv6 name server liveness detection |
| CN112383644A (en) * | 2020-10-21 | 2021-02-19 | 北京邮电大学 | Heuristic IPv6 address scanning target generation method and related equipment |
| CN112492062A (en) * | 2020-11-20 | 2021-03-12 | 清华大学 | IPv6 alias prefix detection method based on fragment fingerprints |
| CN112653764A (en) * | 2020-12-24 | 2021-04-13 | 清华大学 | IPv6 service detection method and system, electronic equipment and storage medium |
| CN113630482A (en) * | 2021-08-23 | 2021-11-09 | 南京莱克贝尔信息技术有限公司 | IPv6 rapid detection method based on hidden semi-Markov |
| CN113779165A (en) * | 2021-08-03 | 2021-12-10 | 北京邮电大学 | Method for judging geographic position ambiguity of IP address and related equipment |
| CN114221932A (en) * | 2021-10-26 | 2022-03-22 | 北京邮电大学 | IPv6 active address security evaluation method and electronic equipment |
| CN114297941A (en) * | 2021-10-22 | 2022-04-08 | 北京邮电大学 | Distributed active IPv6 address prediction method and related equipment |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8699378B2 (en) * | 2009-09-30 | 2014-04-15 | At&T Intellectual Property I, L.P. | Methods and apparatus for discovering hosts on an IPv6 network |
| US8798066B2 (en) * | 2012-09-27 | 2014-08-05 | Avaya Inc. | Method for IPv6 longest prefix match |
| US10944639B2 (en) * | 2016-06-09 | 2021-03-09 | Akamai Technologies, Inc. | Internet address structure analysis, and applications thereof |
| US20210051132A1 (en) * | 2019-08-16 | 2021-02-18 | Forcepoint Llc | System and method for service aliasing and pooled load balancing |
-
2022
- 2022-07-21 CN CN202210862867.2A patent/CN115378912B/en active Active
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2008028742A (en) * | 2006-07-21 | 2008-02-07 | Yaskawa Information Systems Co Ltd | Node device for ipv6 and program therefor |
| CN101945043A (en) * | 2010-09-06 | 2011-01-12 | 华南理工大学 | Topology discovery system of next generation Internet based on IPv6 (Internet Protocol Version 6) and realizing method thereof |
| CN108924012A (en) * | 2018-08-24 | 2018-11-30 | 赛尔网络有限公司 | Method, equipment, system and the medium of IPv6 name server liveness detection |
| CN112383644A (en) * | 2020-10-21 | 2021-02-19 | 北京邮电大学 | Heuristic IPv6 address scanning target generation method and related equipment |
| CN112492062A (en) * | 2020-11-20 | 2021-03-12 | 清华大学 | IPv6 alias prefix detection method based on fragment fingerprints |
| CN112653764A (en) * | 2020-12-24 | 2021-04-13 | 清华大学 | IPv6 service detection method and system, electronic equipment and storage medium |
| CN113779165A (en) * | 2021-08-03 | 2021-12-10 | 北京邮电大学 | Method for judging geographic position ambiguity of IP address and related equipment |
| CN113630482A (en) * | 2021-08-23 | 2021-11-09 | 南京莱克贝尔信息技术有限公司 | IPv6 rapid detection method based on hidden semi-Markov |
| CN114297941A (en) * | 2021-10-22 | 2022-04-08 | 北京邮电大学 | Distributed active IPv6 address prediction method and related equipment |
| CN114221932A (en) * | 2021-10-26 | 2022-03-22 | 北京邮电大学 | IPv6 active address security evaluation method and electronic equipment |
Non-Patent Citations (1)
| Title |
|---|
| 基于种子地址的IPv6地址探测技术综述;李果;何林;宋光磊;王之梁;杨家海;李子木;;电信科学(第12期);11-14 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115378912A (en) | 2022-11-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8856360B2 (en) | Automatically identifying dynamic internet protocol addresses | |
| CN109905497B (en) | IPv6 active address dynamic discovery method | |
| CN112383644B (en) | Heuristic IPv6 address scanning target generation method and related equipment | |
| US11405286B2 (en) | Internet address structure analysis, and applications thereof | |
| US6618755B1 (en) | Automatically identifying subnetworks in a network | |
| Plonka et al. | Temporal and spatial classification of active IPv6 addresses | |
| JP2017530481A (en) | System and method for identifying suspicious host names | |
| CN112019652B (en) | Method and device for judging IPV6 address field | |
| CN102754394A (en) | Method for hash table storage, method for hash table lookup, and devices thereof | |
| CN106375491A (en) | Method, device and system for discovering network equipment | |
| CN111447300A (en) | Target port determination method, device, equipment and readable storage medium | |
| CN114301874B (en) | IPv6 address positioning method based on IPv4 address geographical position information and electronic equipment | |
| CN115378912B (en) | Scanning method and system for active IPv6 address | |
| CN111901201B (en) | IPv6 network topology measurement target selection method | |
| CN110784561A (en) | IPv6 address segmentation method and similar site or link address set searching method | |
| CN113382092B (en) | Active address detection method and device based on graph community discovery | |
| CN112995353B (en) | IPv6 address survivability scanning system and method based on flow analysis | |
| CN110909288B (en) | Service data processing method, device, platform, service end, system and medium | |
| CN115334044A (en) | Internet of things-oriented large-scale IPv6 address survivability detection method | |
| US8626116B2 (en) | Reducing computational complexity during user data analysis | |
| CN116827904B (en) | IPv6 address searching method, system, medium and equipment | |
| Guo et al. | FACA: An effective method for detecting the survivability of large-scale IPv6 addresses | |
| CN109637585B (en) | Method and device for correcting sequencing depth | |
| CN115827665A (en) | IP address attribution inquiry method, device, electronic equipment and storage medium | |
| Teubler et al. | Memory efficient forwarding information base for content-centric networking |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |